Thursday, 2016-08-11

« Wednesday, 2016-08-10 Index Friday, 2016-08-12 »
openstackgerritAlexander Monk proposed openstack/designate-dashboard: Follow-up Ibddffc5f: Also allow PTR records pointing to the domain itself  https://review.openstack.org/35367100:06
*** rudrajit_ has quit IRC00:07
*** tyr__ has quit IRC00:27
*** kei_yama has joined #openstack-dns00:33
*** stanzgy has quit IRC00:35
*** kei_yama has quit IRC00:37
*** kei_yama has joined #openstack-dns00:38
*** kei_yama has quit IRC00:43
*** penick has quit IRC01:07
*** rudrajit has joined #openstack-dns01:12
rkrumHi, I'm working on adding Designate to OpenStack Kolla project at the moment. Need some help with the mDNS Service.01:42
*** mlavalle has quit IRC01:45
rkrumWhat does mDNS service use udp for? I am planning on setting all_tcp = true, so I can put it behind haproxy. But not sure if there will be any negative impact to this.01:51
rkrumAFAIK mDNS is used by the customer facing DNS servers for zone transfer which is done via TCP.01:53
*** chlong|mtg has joined #openstack-dns01:57
*** ducttape_ has joined #openstack-dns02:18
*** penick has joined #openstack-dns02:35
*** penick_ has joined #openstack-dns02:40
*** penick has quit IRC02:41
*** penick_ is now known as penick02:41
*** sonuk has joined #openstack-dns03:01
*** ducttape_ has quit IRC03:06
*** ducttape_ has joined #openstack-dns03:06
*** krotscheck_ has joined #openstack-dns03:12
*** krotscheck has quit IRC03:13
*** krotscheck_ is now known as krotscheck03:14
*** rudrajit has quit IRC03:29
*** rudrajit has joined #openstack-dns03:30
*** kei_yama has joined #openstack-dns03:35
*** rudrajit_ has joined #openstack-dns03:36
*** kei_yama has quit IRC03:40
*** rudrajit has quit IRC03:40
*** draynium has quit IRC03:46
*** draynium has joined #openstack-dns03:52
*** kei_yama has joined #openstack-dns03:52
*** kei_yama_ has joined #openstack-dns03:53
*** kei_yama has quit IRC03:53
*** kei_yama_ has quit IRC03:58
*** richm has quit IRC04:07
*** clayton has quit IRC04:48
*** clayton has joined #openstack-dns04:48
*** serverascode_ has joined #openstack-dns05:44
*** barclaac_ has joined #openstack-dns05:48
*** afranc has quit IRC05:48
*** serverascode has quit IRC05:48
*** barclaac has quit IRC05:48
*** afranc has joined #openstack-dns05:49
*** serverascode_ is now known as serverascode05:51
*** rudrajit_ has quit IRC06:03
*** nyechiel has joined #openstack-dns06:12
*** kei_yama has joined #openstack-dns06:22
*** kei_yama has quit IRC06:26
*** kei_yama has joined #openstack-dns06:39
*** kei_yama has quit IRC06:40
*** kei_yama has joined #openstack-dns06:41
*** pcaruana has joined #openstack-dns06:45
*** kei_yama has quit IRC06:46
*** kei_yama has joined #openstack-dns06:59
*** f13o has joined #openstack-dns07:00
*** kei_yama has quit IRC07:02
*** kei_yama has joined #openstack-dns07:02
*** kei_yama has quit IRC07:03
*** kei_yama has joined #openstack-dns07:04
*** kei_yama has quit IRC07:08
*** stanzgy has joined #openstack-dns07:15
*** chlong|mtg has quit IRC07:46
*** f13o has quit IRC08:18
*** abalutoiu has joined #openstack-dns08:31
*** f13o has joined #openstack-dns08:36
*** v12aml has quit IRC08:46
*** v12aml has joined #openstack-dns08:47
*** rkrum has quit IRC09:02
*** amitkqed has quit IRC09:27
*** amitkqed has joined #openstack-dns09:27
*** kei_yama has joined #openstack-dns09:32
*** kei_yama has quit IRC09:37
*** kei_yama has joined #openstack-dns09:49
*** kei_yama has quit IRC09:51
*** v12aml has quit IRC09:52
*** kei_yama has joined #openstack-dns09:52
*** v12aml has joined #openstack-dns09:53
*** kei_yama has quit IRC09:57
*** hoobaman has quit IRC09:59
*** f13o has quit IRC10:08
*** kei_yama has joined #openstack-dns10:11
*** kei_yama has quit IRC10:15
*** rkrum has joined #openstack-dns10:42
*** rkrum has quit IRC10:54
*** GonZo2K has quit IRC11:03
*** stanzgy has quit IRC11:16
*** f13o has joined #openstack-dns11:19
*** amitkqed has quit IRC11:28
*** amitkqed has joined #openstack-dns11:28
*** chlong|mtg has joined #openstack-dns11:44
*** venkat has joined #openstack-dns12:03
*** venkat has quit IRC12:29
*** GonZo2000 has joined #openstack-dns12:31
*** GonZo2000 has quit IRC12:35
*** leitan has joined #openstack-dns12:52
*** f13o has quit IRC12:55
leitanMorning guys, quick question, is only admin capable of creating domains and add records ? i have a regular user and cant see the buttons of "create domains" or "manage records" on the horizon dashboard . (in the meantime ill take a look at the policy json)12:58
leitanhmmm it seems that is related that i have a v2 policy json, and im using a v2 policy_json13:02
*** leitan has quit IRC13:07
*** f13o has joined #openstack-dns13:16
*** rkrum has joined #openstack-dns13:20
*** leitan has joined #openstack-dns13:21
leitanhmmm, same thing, changed policy file to the liberty one ... cant see the buttons on the dashboard13:22
*** shewless has quit IRC13:26
*** ducttape_ has quit IRC13:31
leitanlet me know when someone can lend me a hand here :)13:37
*** shewless has joined #openstack-dns13:57
shewlessHi. In the process of setting up designate on Mitaka. Following http://docs.openstack.org/developer/designate/install/ubuntu-liberty.html13:58
shewlessIt looks like you have to edit /etc/designate/designate.conf and add a storage connection and a pool_manager connection13:59
shewlessThe docs explain how to create the "designate_pool_manager" database - that part is straight forward13:59
*** mlavalle has joined #openstack-dns13:59
shewlessBut I'm not sure about this designatedb database related to the storage14:00
shewlessAm I expected to create that myself?14:00
mugsieshewless: yes14:06
mugsieleitan: can you paste your policy file?14:06
leitanmugsie, yes14:06
mugsieand what roles an normal user has?14:06
leitanmugsie, just _member_14:06
leitanill paste my "merged" policy file14:06
leitanthat combines liberty/mitaka14:06
leitanstill doesnt work14:07
shewlessmugsie: okay. is that part just missing from the docs?14:07
*** ducttape_ has joined #openstack-dns14:07
*** ducttape_ has quit IRC14:07
*** ducttape_ has joined #openstack-dns14:08
leitanmugsie, http://paste.openstack.org/show/bYCcQUiu2B8C12uLg9ze/14:09
mugsieshewless: it was removed from the packages in mitaka14:11
mugsiethe liberty debs created the db14:11
shewlessmugsie: okay thanks.. I created it. I still see this error when trying to start designate-central though: Access denied for user 'designate-common'@'%' to database 'designatedb'14:12
shewlessmugsie: I guess I try and login manually as that user with the right password first14:12
mugsieshewless: yeah, looks like there is a auth isuse14:14
mugsieleitan: is there anything in the horizon logs?14:14
leitanmugsie, let me check14:14
*** rkrum has quit IRC14:15
shewlessmugsie: "Table 'designatedb.tlds' doesn't exist14:18
shewlessmugsie: Is there any way to know which tables need to be created and their schema?14:18
mugsieshewless: you have to run "designate database sync"14:20
mugsieit should create the tables14:20
timsim`designate-manage` ;)14:20
shewlessmugsie. Okay I ran that already but maybe because the db didn't exist it didn't populate. I'll try14:20
shewlessmugsie: you mean this right? sudo su -s /bin/sh -c "designate-manage pool-manager-cache sync" designate14:21
timsimNo, it's designate-manage database sync14:21
mugsieah, nope14:21
timsimThere's two :)14:21
mugsiedesignate-manage database sync14:22
shewlessoh.. okay thanks!14:22
*** GonZo2000 has joined #openstack-dns14:22
mugsietimsim is on the ball14:22
shewlessthat's doing stuff14:22
shewlessDo I need to run them both on a fresh install?14:23
mugsieyes14:24
mugsieif you want to use mysql for the  pool manager cache14:25
mugsieyou can use memcached if yhou prefer14:25
mugsiewell. you should use memcached14:25
mugsieit just depends on scale14:26
shewlessmugsie: I'd like to use memcached if that'll improve perf14:27
shewlessmugsie: is that just a /etc/designate/designate.conf change?14:27
mugsieyeah14:27
mugsieset https://github.com/openstack/designate/blob/master/etc/designate/designate.conf.sample#L386-L388 to the servers running memcached14:28
shewlessI guess I just do [pool_manager_cache:memcache] section14:28
mugsieand https://github.com/openstack/designate/blob/master/etc/designate/designate.conf.sample#L41014:28
mugsie(cache = memcache in [service:pool_manager]14:28
mugsie)14:28
leitanmugsie, just [11/Aug/2016:09:28:16 -0500] "GET /horizon/project/dns_domains/ HTTP/1.1" 200 4862 "http://172.120.120.3:8081/horizon/project/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"14:28
leitanwhen i access the dns part on project14:29
mugsieleitan: weird14:29
mugsieok14:29
*** GonZo2000 has quit IRC14:29
mugsietry this -  change "create_domain" to "role:_member_"14:29
shewlessmugsie: that second link is pointing to SQLAlchemy Storage.  IS that right?14:29
leitanmugsie, ill give ir a try14:30
mugsiei think horizon might not have the same level of complexity availible14:30
mugsieshewless: sorry, my bad - https://github.com/openstack/designate/blob/master/etc/designate/designate.conf.sample#L36614:30
leitanmugsie, i have to change it horizon and the API ?14:30
leitanor just horizon14:30
mugsiejust horizon14:30
leitanok14:30
shewlessmugsie: thanks! I guess that way I don't have to create tables and schemas and stuff14:30
mugsiefor the cache no14:30
*** GonZo2000 has joined #openstack-dns14:30
mugsiebut we still need the main db tables14:31
shewlessare the main ones "designate_pool_manager"?14:31
leitanmugsie, ok, it worked, ill do the same for the records, and recorset stuff ... :/14:32
*** chlong|mtg has quit IRC14:33
mugsieshewless: no, they are the designatedb14:33
mugsieleitan: OK, sorry about that. we need to document that horizon rule may need to be simpler14:33
leitanmugsie, ok, i just copied over the policy.json from the api haha14:35
leitanwant me to open a bug for it mugsie  ?14:35
mugsieleitan: yeah, that would be great14:36
*** pglass has joined #openstack-dns14:39
leitanmugsie, done14:45
mugsiety14:45
*** chlong|mtg has joined #openstack-dns14:46
*** nyechiel has quit IRC14:53
*** toabctl has joined #openstack-dns14:57
toabctlhi14:57
toabctlwould you accept a non-voting job with postgres as database backend?14:58
*** abalutoiu has quit IRC15:00
*** GonZo2000 has quit IRC15:06
mugsietoabctl: sure15:09
mugsieand after is passes for a week or 2 I would look at making it voting15:09
mugsiei'll PTL +1 it, when Kialls concerns are fixed15:10
*** penick has quit IRC15:12
*** tyr_ has joined #openstack-dns15:14
*** tyr_ has quit IRC15:14
toabctlmugsie, there is still this legacy postgres job15:16
toabctlhttps://git.openstack.org/cgit/openstack-infra/project-config/tree/jenkins/jobs/projects.yaml?h=master#n152515:16
toabctlmugsie, but I don't see it in any reviews. should I remove that one?15:16
mugsieyeah15:16
*** tyr_ has joined #openstack-dns15:19
toabctlmugsie, I updated the patchset15:19
*** f13o has quit IRC15:19
*** mionkin has quit IRC15:24
*** catintheroof has joined #openstack-dns15:27
*** tyr_ has quit IRC15:29
leitanmugsie, what should be the policy to get the "manage records" on the horizon, i changed the create_record rule on the policy.json still doesnt appear15:34
mugsieget_records15:36
mugsieleitan: https://github.com/openstack/designate-dashboard/blob/99954dfdc8212af577eb82f9eac641e743c712ad/designatedashboard/dashboards/project/dns_domains/tables.py15:36
mugsielook at the "policy_rules" - they should give you pointers about what to edit15:37
leitanmugsie, awesome thanks15:37
leitanmugsie, yes thats helpfull15:37
leitanmugsie, ty15:37
*** haplo37__ has joined #openstack-dns15:40
*** leitan has quit IRC15:43
*** leitan has joined #openstack-dns15:55
shewlessgetting this error when I try to do a record-list16:22
shewlessERROR: Unable to establish connection to http://127.0.0.1:9001/v1/domains16:22
shewlessinitially I thought this was because /etc/designate/designate.conf I set api_host to ::16:23
shewlessbut I corrected that to be the hostname I want (instead of localhost) and it still gives me that message16:23
shewlesstried restarting designate services but that iddn't help16:23
shewlessis there a specific config I'm missing or is there a specific service I would need to restart?16:23
timsimCan you curl 127.0.0.1:9001?16:28
shewlessno16:28
timsimdesignate-api is the thing that should be listening there.16:29
timsimcheck those logs16:29
shewlessokay.. should it not be "hostname" instead of 127 though?16:29
timsimI think it's just host, as in the IP addr you want it to listen on16:30
timsimThe config value, that is.16:30
shewlesstimsim: thanks.. I see that the designate-api status is "inactive" I'll dig into that16:31
shewlesshmm.. simply starting it seemed to help :P16:31
shewlessI'm sure I did a restart.. not sure why I had to explicitly start it.. but oh well16:31
shewlessooops.. I see.. it goes inactive after a few minutes16:32
*** rudrajit has joined #openstack-dns16:35
shewlessdoes api_host  in designate.conf have to be an IP address?16:35
mugsienope, a hostname if fine as well16:36
shewlessI got this weird message: Address family for hostname not supported16:36
shewlessI get this: ConfigFileValueError: Value for option api_host is not valid: host.subdomain.domain.com is not IPv4 or IPv6 address16:38
mugsieshewless: can I get the full trace?16:38
*** rudrajit has quit IRC16:38
shewlessmugsie: sure 1 sec16:38
*** rudrajit has joined #openstack-dns16:38
mugsieshewless: its OK, i see the issue16:38
mugsieyeah, it has to be an IP16:39
mugsiei got myself confused16:39
mugsieapi-base-uri can be hostname16:39
mugsieapi_host is the actuall IP address the api listens on the server16:40
shewlessmugsie: thanks. is api_host generally 127.0.0.1?16:40
mugsieno, it is usually 0.0.0.0 or the public IP address of the box16:41
shewlessokay.. would :: work as in other openstack configs? or do you need 0.0.0.0?16:41
mugsieas in IPv6?16:41
mugsieeh .... I wouldn't hold my breath, but it might16:42
shewlessmugsie: in other openstack configs :: just means "any"16:42
shewlessipv4 or 616:42
shewlessbut yeah that didn't seem to work so good16:42
shewlessI'll do 0.0.0.016:42
shewlessnot using v6 anyways16:42
shewlessbtw: does this look like the type of error you'd see if there aren't any records yet?16:43
shewless+-------+-------+ | Field | Value | +-------+-------+ | Code  | None  | | Type  | None  | +-------+-------+ ERROR: The requested action did not complete successfully16:43
shewlesswhen doing "designate record-list"16:43
mugsieshewless: try with --debug16:44
shewless <title>503 Service Unavailable</title>16:45
mugsiewut?16:47
mugsieok. is there anuything in the logs?16:47
shewlessyup: http://paste.ubuntu.com/2303935716:48
mugsieand in the designate-api.logs ?16:49
mugsiea html error is a very bad sign16:49
*** _ducttape_ has joined #openstack-dns16:49
shewlessseeing things like this: CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Identity server rejected authorization necessary to fetch token data16:50
mugsieOK. do you have keystone running16:50
mugsie?*16:50
shewlessyes.16:51
shewlessI can create instances, push stacks, login to horizon, list users in the openstack cli etc16:51
shewlessI wonder if I screwed up the endpoint creation/16:51
shewlesscrap16:51
mugsieOK, and the users in the designate.conf file have permissions (usually on the service project)16:52
shewlessI totally did16:52
shewlesslet me fix that endpoint snaffu to start16:52
shewlessthen I'll look at the service_project permissions16:52
*** ducttape_ has quit IRC16:53
shewlessmugsie: the "admin_username" in neutron.conf is supposed to be "neutrons username" right?16:57
mugsiefor the advanced integration?16:57
mugsieusually, yes.16:57
shewlessmugsie: yes. do I not need the "advance integration"?16:58
shewlessI guess I do if I want my floating IPs to auto come with a dns?16:58
mugsiewell, depending on what you want to do16:58
mugsiewell, in that case, yes you do16:58
shewlessmugsie: without advanced I can just manually assign ports with a dns?16:59
shewlessmugsie: can that be done in a heat template?16:59
mugsieeh16:59
mugsiekinda16:59
mugsiethe heat resources are the old v1 API reources16:59
mugsieand they will be deprecated at the end of this cycle16:59
shewlessmugsie: Okay. I want the advanced setup I guess. But I guess I don't need that part to test the record_list17:11
mugsieno, you shouldnt17:11
shewlessmugsie: I'm running my record-list command with my "admin" environment variables. is that okay or should I be using the "designate" user?17:12
mugsieany usewr should be fine17:12
shewlessokay I'm trying to check that my users in the designate.conf file have permissions but I'm not exactly sure how to check that17:14
shewlessI verified I have a designate user with a role admin that maps the service project to my designate user17:16
mugsiecan you post the logs from the API?17:20
shewlessdesignate-api.conf?17:21
shewlesssure17:21
shewlessit sure looks like a keystone auth problem. but I can't understand why17:22
shewlesshttp://paste.ubuntu.com/2304289117:23
mugsieand the [keystone_authtoken]17:24
mugsie?17:24
mugsieremove user / pass of course17:24
shewlesshttp://paste.ubuntu.com/2304304517:24
shewlessmugsie: maybe I need to crank my keystone debug?17:25
shewlessI know keystone is working because everything else is working17:25
shewlessI think maybe it's the designate user I screwed up.. but it looks correct17:25
*** _ducttape_ has quit IRC17:29
*** catintheroof has quit IRC17:30
shewlessmugsie: If I crank keystone debug I get this error:  Authorization failed. Could not find user: designate17:31
mugsieweird17:31
shewlessbut if I do an "openstack user list" I clearly see designate in there17:32
mugsiethis v3 or v2?17:32
mugsie(keystone)17:32
shewlessv217:32
shewlesswait17:32
shewlessidentity is v317:32
shewlessbut the error message is stating v217:33
mugsiein designate.conf there should be a section titled [keystone_authtoken]17:33
mugsiecan you post a sanitised version of it?17:33
shewlessyes will do17:36
shewlesshttp://pastebin.com/SjLGwQS817:36
shewlessdo I have to force v3 somewhere?17:38
mugsieyeah, i think so. let me have a look17:43
mugsieshewless: "auth_version = v3" in taht section does it I think17:48
*** haplo37__ has quit IRC17:50
*** haplo37__ has joined #openstack-dns17:50
*** unidan has joined #openstack-dns17:51
*** haplo37- has joined #openstack-dns17:51
shewlessmugsie: you mean add that line in designate.conf?17:52
*** unidan has quit IRC17:52
shewlesswould I just need to restart designate-api to test?17:52
mugsieyeah, to the keystone_authtoken section17:53
mugsieyeah, just the API17:53
shewlessmugsie that didn't see to have any effect17:54
mugsieshewless: hum. maybe ask in #openstack-keystone ? It is their plugin we are trying to configure17:55
mugsieI am about to run into a meeting now, will be back in a hour or so17:55
shewlessmugsie: okay thanks for looking17:55
*** ducttape_ has joined #openstack-dns18:03
*** GonZo2000 has joined #openstack-dns18:12
*** darkxploit has joined #openstack-dns18:12
*** darkxploit has quit IRC18:29
*** catintheroof has joined #openstack-dns18:34
*** chlong|mtg has quit IRC18:37
*** chlong|mtg has joined #openstack-dns18:38
*** ducttape_ has quit IRC18:44
*** ducttape_ has joined #openstack-dns18:44
*** leitan has quit IRC19:03
*** leitan has joined #openstack-dns19:19
*** catintheroof has quit IRC19:28
*** f13o has joined #openstack-dns19:37
shewlessmugsie: every seen this before? missing ';' before 'port' missing ';' before '5354'19:51
shewless command 'addzone mycloud.foo.bar.com  { type slave; masters { wtllab-controller-2.foo.bar.com port 5354;}; file "slave.mycloud.foo.bar.com.27859f16-30fc-4230-8497-8e4a53d1813d"; };'19:51
*** catintheroof has joined #openstack-dns20:00
shewlesswhat's up with this 5354 thing?20:04
shewlessI think I see20:10
shewlessDo I need to create a "zone" in bind with a "master" set?20:10
shewlessI'm not sure why designate can't add a zone. It seems like the syntax is wrong20:10
shewlessgot that sorted out.. ugh20:27
openstackgerritJames Li proposed openstack/designate: Improve performance of recordsets API  https://review.openstack.org/32881320:48
shewlessmugsie: I'm seeing this now: Got Timeout while trying to send 'NOTIFY' for .. ..20:52
shewlessI don't see any errors on the bind server side20:52
*** f13o has quit IRC20:59
shewlessI don't think mdns is requesting notify correctly. If I manually send a "notify" using rndc directly it seems to be received on the bind server21:09
shewlessbut I don't see any notifies being received by bind from mns21:10
shewlessbut I don't see any notifies being received by bind from mdns21:10
shewlessI get this weird "SyntaxError" in the logs: http://paste.ubuntu.com/2304754921:15
*** tyr has joined #openstack-dns21:40
*** haplo37__ has quit IRC21:54
*** leitan has quit IRC22:10
*** pglass has quit IRC22:12
*** nyechiel has joined #openstack-dns22:22
*** catintheroof has quit IRC22:35
*** ducttape_ has quit IRC22:37
*** nyechiel has quit IRC22:38
*** tyr has quit IRC22:39
*** rkrum has joined #openstack-dns22:44
*** rudrajit has quit IRC23:04
*** ducttape_ has joined #openstack-dns23:20
rkrumCan anyone explain how the power dns backend is supposed to work.23:40
rkrumI am reading http://docs.openstack.org/developer/designate/backends/powerdns.html23:40
rkrumIn the pool configuration it refers to:23:40
rkrumconnection: 'mysql+pymysql://designate:password@127.0.0.1/designate_pdns?charset=utf8'23:40
rkrumis designate_pdns database supposed to be on the openstack controller? or it local to the powerdns server23:40
*** rudrajit has joined #openstack-dns23:54
« Wednesday, 2016-08-10 Index Friday, 2016-08-12 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!